Downloading mobile apps from non-official sources has become a lot more dangerous over the last year, with apps now needing more built-in protection, according to a new report.
The number of Top 100 iOS apps that have been hacked1 over the past year increased from 56 per cent in 2013 to 87 per cent in 2014. The majority (97 per cent) of top paid Android apps have been hacked, according to Arxan Technologies.
Arxan also looked into the level of medical and healthcare mobile apps that have been repackaged, finding that 90 per cent of Android medical apps have been hacked over the past year.
The vast majority (95 per cent) of the top Android finance apps were hacked in 2014, compared with only 53 per cent in 2013.
Nine of the 10 top retail Android apps were hacked in 2014, compared with 36 per cent of iOS retail apps.
As such, apps need to be made more tamper-resistant and capable of defending themselves and detecting threats at runtime, according to Arxan.
As a specialist in application protection, Arxan has an obvious vested interest in talking up the threat from poorly protected mobile apps. However, that's not to say it isn't onto something. The recent discovery of the WireLurker iOS malware provides evidence that the issue of tampered apps is a real and present danger.
More information about Arxan’s 2014 State of Mobile App Security report can be found on a dedicated microsite here. ®
1Arxan explained that the references to hacked and cracked apps in its study are synonymous.
A cracked app refer to someone taking the original app, turning it into a rogue version of the application and adding or modifying many attributes and behaviours that the app did not originally have, such as having security controls bypassed or unauthorised functions.